$securityPropertyDescription) {
if ($securityPropertyName == "availability") {
return true;
} else if ($securityPropertyName == "integrity") {
return true;
} else if ($securityPropertyName == "confidentiality") {
return true;
} else if ($securityPropertyName == "authorization") {
return true;
} else if ($securityPropertyName == "authentication") {
return true;
} else if ($securityPropertyName == "non-repudiation") {
return true;
}
}
return false;
}
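/**
 * Echo the detail view of one element of the $dimensions tree.
 *
 * The element is looked up as $dimensions[$dimension][$subdimension][$elementName].
 * Nothing is printed unless that exact path exists (whitelist approach, so the
 * three names are only echoed when they match keys of $dimensions).
 *
 * NOTE(review): the element's own fields (dependsOn, implementation, comment,
 * samm) are echoed without HTML escaping. That is only safe while $dimensions
 * is built from trusted data; confirm where it is loaded from.
 *
 * @param mixed $dimension    First-level key in $dimensions.
 * @param mixed $subdimension Second-level key in $dimensions.
 * @param mixed $elementName  Third-level key in $dimensions.
 * @param array $dimensions   Nested array dimension => subdimension => element name => element.
 * @param bool  $report       When true, only the element name is used as heading and
 *                            build_table_tooltip() is called with weight 4 instead of 2.
 *
 * @return void
 */
function printDetail($dimension, $subdimension, $elementName, $dimensions, $report = false)
{
    // Walk the path key by key. A missing key, a non-array level or a key that
    // is not a string/int (e.g. an array passed as a request parameter) ends the
    // lookup quietly instead of raising an "undefined index" warning or a TypeError.
    $element = $dimensions;
    foreach ([$dimension, $subdimension, $elementName] as $key) {
        $isValidKey = is_string($key) || is_int($key);
        if (!is_array($element) || !$isValidKey || !array_key_exists($key, $element)) {
            return;
        }
        $element = $element[$key];
    }

    // Whitelist approach for security reasons (deny XSS): unknown or empty
    // entries produce no output. The loose comparison is kept so that an empty
    // element is still treated as "not found".
    if (!is_array($element) || $element == null) {
        return;
    }

    $headerWeight = $report ? 3 : 1;

    if ($report) {
        $pageH1 = "$elementName";
    } else {
        $pageH1 = $dimension;
        if ($dimension != $subdimension) {
            $pageH1 .= " -> $subdimension";
        }
        $pageH1 .= ": $elementName";
    }
    echo "$pageH1";
    echo build_table_tooltip($element, $headerWeight + 1);
    echo "\n";

    // The rendering of security properties below is disabled; it is kept as
    // reference only (the labels are German).
    /*
    if (hasSecurityProperties($element["securityProperties"])) {
        echo "Security Properties";
        foreach ($element["securityProperties"] as $securityPropertyName => $securityPropertyDescription) {
            if ($securityPropertyName == "availability") {
                $securityPropertyName = "Verfügbarkeit";
            } else if ($securityPropertyName == "integrity") {
                $securityPropertyName = "Integrität";
            } else if ($securityPropertyName == "confidentiality") {
                $securityPropertyName = "Vertraulichkeit";
            } else if ($securityPropertyName == "authorization") {
                $securityPropertyName = "Autorisierung";
            } else if ($securityPropertyName == "authentication") {
                $securityPropertyName = "Authentifizierung";
            } else if ($securityPropertyName == "non-repudiation") {
                $securityPropertyName = "Nicht Abstreitbarkeit";
            }
            echo "" . ucfirst($securityPropertyName) . ": $securityPropertyDescription\n";
        }
    }
    */

    $hasDependsOn = array_key_exists("dependsOn", $element);
    if ($hasDependsOn || array_key_exists("implementation", $element) || array_key_exists("comment", $element)) {
        echo "Additional Information";
        if ($hasDependsOn) {
            $dependsOn = $element['dependsOn'];
            // A non-list value yields an empty dependency string instead of a warning.
            $dependencies = is_array($dependsOn) ? implode(", ", $dependsOn) : "";
            echo "Dependencies: $dependencies\n";
        }
    }

    if (!empty($element['implementation'])) {
        $implementation = $element['implementation'];
        echo "Implementation hints: ";
        if (is_array($implementation)) {
            echo "\n";
            foreach ($implementation as $implementationElement) {
                echo "- $implementationElement\n";
            }
            echo "\n";
        } else {
            echo $implementation;
        }
        echo "\n";
    }

    if (!empty($element['comment'])) {
        $comment = $element['comment'];
        echo "Comments: $comment\n";
    }

    if (!empty($element['samm'])) {
        $samm = $element['samm'];
        echo "OWASP SAMM 1 Mapping: $samm\n";
    }
}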
// Render the requested element in page mode (no report layout).
// The four variables are set outside this excerpt.
// NOTE(review): if $dimension, $subdimension and $elementName come from request
// input, the lookup inside printDetail() is the only check visible here that
// limits output to entries present in $dimensions; confirm against the caller.
printDetail($dimension, $subdimension, $elementName, $dimensions, false);